Netzooi/hunt-jwt
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
hunt-jwt/README.md

165 lines
3.5 KiB
Markdown
Raw Permalink Normal View History

Import all the source code.
2019-10-11 03:27:44 +00:00
<a href="https://code.dlang.org/packages/jwt" title="Go to jwt"><img src="https://img.shields.io/dub/v/jwt.svg" alt="Dub version"></a>
# JWT
A Simple D implementation of JSON Web Tokens. It's forked from https://github.com/zolamk/jwt.
# Supported Algorithms
- none
- HS256
- HS384
- HS512
More improvements
2020-11-23 10:00:11 +00:00
- RS256
- RS384
- RS512
- ES256
- ES384
- ES512
Import all the source code.
2019-10-11 03:27:44 +00:00
#### This library uses [semantic versioning 2.0.0][3]
# What's New
- added support for `arrays` and `objects` in claims
- removed `verify` function that doesn't take algorithm type, see why [here][4]
- changed `verify` function to take an array of algorithms to support multiple algorithms
- renamed `InvalidSignature` to `InvalidSignatureException`
# How To Use
## Encoding
import jwt.jwt;
import jwt.algorithms;
import std.json;
void main() {
JSONValue user = ["id": JSONValue(60119), "uri": JSONValue("https://api.we.are/60119")];
More improvements
2020-11-23 10:00:11 +00:00
JwtToken token = new JwtToken(JwtAlgorithm.HS512);
Import all the source code.
2019-10-11 03:27:44 +00:00
token.claims.exp = Clock.currTime.toUnixTime();
token.claims.set("user", user);
token.claims.set("data", [JSONValue("zm"), JSONValue(58718)]);
string encodedToken = token.encode("supersecret");
// work with the encoded token
}
## Verifying
import jwt.jwt;
import jwt.exceptions;
import jwt.algorithms;
void main() {
// get encoded token from header or ...
try {
More improvements
2020-11-23 10:00:11 +00:00
JwtToken token = JwtToken.verify(encodedToken, "supersecret");
Import all the source code.
2019-10-11 03:27:44 +00:00
writeln(token.claims.getInt("id"));
JSONValue user = token.claims.getObject("user");
JSONValue[] a = token.claims.getArray("data");
long userID = user["id"].integer();
string uri = user["uri"].str();
writeln(userID);
writeln(uri);
writeln(a[0].str());
writeln(a[1].integer());
} catch (InvalidAlgorithmException e) {
writeln("token has an invalid algorithm");
} catch (InvalidSignatureException e) {
writeln("This token has been tampered with");
} catch (NotBeforeException e) {
writeln("Token is not valid yet");
} catch (ExpiredException e) {
writeln("Token has expired");
}
}
## Encoding without signature
import jwt.jwt;
import jwt.algorithms;
void main() {
More improvements
2020-11-23 10:00:11 +00:00
JwtToken token = new JwtToken(JwtAlgorithm.NONE);
Import all the source code.
2019-10-11 03:27:44 +00:00
token.claims.exp = Clock.currTime.toUnixTime();
token.claims.set("id", 60119);
string encodedToken = token.encode();
// work with the encoded token
}
## Verifying without signature
import jwt.jwt;
import jwt.exceptions;
import jwt.algorithms;
void main() {
// get encoded token from header or ...
try {
More improvements
2020-11-23 10:00:11 +00:00
JwtToken token = JwtToken.verify(encodedToken);
Import all the source code.
2019-10-11 03:27:44 +00:00
writeln(token.claims.getInt("id"));
} catch (NotBeforeException e) {
writeln("Token is not valid yet");
} catch (ExpiredException e) {
writeln("Token has expired");
}
}
# Limitations
- ##### Since Phobos doesn't(hopefully yet) support RSA algorithms this library only provides HMAC signing.
# Note
this library uses code and ideas from [jwtd][1] and [jwt-go][2]
[1]: https://github.com/olehlong/jwtd
[2]: https://github.com/dgrijalva/jwt-go
[3]: http://semver.org
[4]: https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
ECC token decoding and encoding passed
2021-03-04 12:38:00 +00:00
[5]: https://github.com/benmcollins/libjwt
Reference in a new issue Copy permalink